A recent security breach has exposed significant vulnerabilities in TeleMessage, a messaging app used by some US government officials, including members of the Trump administration.
The hacker, who remains unidentified, managed to infiltrate the app's backend, obtaining sensitive data and raising serious concerns about the security of communications within the government.
Following the cyber incident, US Customs and Border Protection (CBP) immediately took the precaution of disabling TeleMessage, and an investigation into the extent of the breach is currently underway.
TeleMessage, developed by Israeli company Smarsh, is widely used by US government employees, particularly for the purpose of archiving encrypted messages.
The app is a modified version of Signal, designed to comply with retention policies.
It is an essential tool for ensuring that government communications, including those of top officials, are stored for record-keeping purposes.
However, this archiving function could become a security liability when not handled with the utmost care.
The breach occurred when the hacker exploited a vulnerability in the backend of TeleMessage’s system.
The attack, which took just 15 to 20 minutes, allowed the hacker to access customer data.
This included sensitive details related to CBP employees, as well as information from prominent financial institutions such as the cryptocurrency exchange Coinbase.
A screenshot from the hacker showed access to a panel listing the names, phone numbers, and email addresses of several government employees.
While the breach did not specifically target messages from former National Security Adviser Michael Waltz, the hack exposed other sensitive communications involving government officials.
A screenshot revealed that the attacker had access to the personal details of hundreds of US government employees.
Although Waltz’s conversations were not directly accessed, the breach has brought attention to the potential risks facing high-ranking officials’ communications.
Earlier this year, Mike Waltz faced criticism after accidentally adding a journalist to a sensitive Signal group discussing US military operations in Yemen.
This incident came to light following his removal from office.
Despite the app's vulnerabilities, the US government continues to rely on modified communication tools for archiving, leaving key questions about the balance between security and regulatory compliance.
Experts have raised concerns about TeleMessage's method of storing decrypted messages.
While this practice ensures compliance with retention rules, it also creates significant security risks.
If these messages are not securely managed, hackers can exploit this vulnerability, as seen in this incident.
The lack of robust security measures around message retention underscores the fragility of digital communication systems, especially when used for sensitive government matters.
The hacker’s identity remains a mystery, and it is unclear whether this was an isolated incident or part of a larger coordinated attack.
The fact that the hack was accomplished with minimal effort has only heightened concerns about the security of messaging platforms used by government officials.
The data stolen, including personal contact details and communication records, could have serious implications if exploited.
As the investigation continues, this breach reveals the risks associated with using third-party communication tools for sensitive government operations.
Chainflip introduced an upgrade to block illicit funds linked to the Bybit hack, protecting its platform and liquidity providers. The protocol now uses enhanced screening tools to prevent hackers from using its services to launder stolen assets.
WeatherlyHamster Kombat launches Hamster Network, a gaming-focused Layer-2 blockchain on TON, offering scalable, low-cost Web3 gaming infrastructure. Built on TON’s secure Layer-1, it supports dApps, a wallet, bridge, and DEX. Can this expansion revive its past hype and sustain relevance?
CatherineBybit has launched a website to track wallet addresses linked to the Lazarus Group after hackers stole over $1.4 billion in crypto. The exchange is offering a 5% reward from frozen assets to users who help identify and freeze stolen funds. Will this crowdsourced effort succeed or fall short?
KikyoClaude 3.7 Sonnet, an AI model from Anthropic, is playing "Pokémon Red" live on Twitch, overcoming challenges and making strategic decisions. Unlike earlier versions, it has successfully defeated three Gym Leaders, showing significant progress in AI's ability to solve problems and adapt to new situations.
AnaisCrypto influencer SolJakey has disclosed that he was forced to flee the country due to death threats following the controversial launch of the $LIBRA token.
CatherineStrive Asset Management suggested GameStop invest its $4.6 billion in Bitcoin to become a key player in digital assets. GameStop has not yet responded but is reportedly exploring alternative assets.
Weatherly21 D.O.G.E. employees resigned, warning that Musk's government purge is destabilising federal systems and threatening vital public services. After political loyalty interrogations, one-third of the agency was dismissed overnight via an anonymous email. The purge has disrupted essential services like Social Security, disaster relief, and taxes. Could this bold move backfire and harm the very institutions it seeks to reform?
KikyoApple announced a $500 billion investment in its U.S. operations, focusing on AI, manufacturing, and engineering. Despite speculation, the company has not shown any interest in adopting cryptocurrency.
WeatherlyA viral video captures a startling moment as two AI agents recognise each other during a call—then abruptly switch from human language to an unknown, machine-only communication.
CatherineA Binance user was targeted by a phishing scam after receiving a fake SMS about account access from North Korea. The scammer convinced the user to transfer funds to a fraudulent wallet, resulting in a financial loss.
Weatherly